"Could not decode token" custom JWT auth
While following the custom auth configuration setup, I ran into this issue where the backend could not decode the access token
Here is my auth setup
I have verified that my decoded
kid, alg, aud are all correct. I have a suspicision that because the issuer field here is not a HTTPS url, the decoding is not working. Would appreciate some support here
5 Replies
The Convex backend will prefix it with
https://. What is the actual iss claim value in your token?
Actually this probably isn't issuer related: https://github.com/get-convex/convex-backend/blob/a805f0b8d9692faf767bfddcc20fb1ab52d45e3a/crates/authentication/src/lib.rs#L288-L293
I'd check jwt.io and confirm that the token and jwks validateThe iss is privy.io, so maybe prefixing will cause an issue?
Gotcha let me try and run that snippet locally
@erquhart
I noticed that https://github.com/get-convex/convex-backend/blob/a805f0b8d9692faf767bfddcc20fb1ab52d45e3a/crates/authentication/src/lib.rs#L201-L216 only has RS256 and Ed25519,
Is it possible to add CoreJwsSigningAlgorithm::RsaSsaPssSha256?
For now only RS256 and Ed25519 are supported
ohh so no es256?
i'm actually looking to implement privy also with convex @marcus hahah
wondering after quite some time, have you found any way to solve this?
sry i'm being dumb, this is literally the standard of Ed25519
oh it seems i got it solved
just need to get this right, the backend wise everything just follow through
